A platform for secure static binary instrumentation
Citations
The Performance Cost of Shadow Stacks and Stack Canaries
Practical Context-Sensitive CFI
The Art, Science, and Engineering of Fuzzing: A Survey
An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries
References
Pin: building customized program analysis tools with dynamic instrumentation
Valgrind: a framework for heavyweight dynamic binary instrumentation
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
Efficient software-based fault isolation
BitBlaze: A New Approach to Computer Security via Binary Analysis
Frequently Asked Questions (9)
Q2. What is the effect of a shadow stack attack?
Attacks aimed at evading shadow stack checks, such as those based on jumping into the middle of (or past the end of) checking code, will be defeated as well.
Q3. What is the main drawback of heuristics?
The use of heuristics means that there could be disassembly errors, and these can lead to instrumentation subversion, e.g., by jumping to the middle of an instruction.
Q4. Why did the authors use DynamoRIO to instrument coreutils?
But due to difficulties in invoking DynamoRIO on each coreutils program inside the test script, the authors used DynamoRIO to run make so that it will subsequently instrument all programs invoked from there.
Q5. What is the principle of resolving a client function name?
In principle, resolving a client function name is straightforward: use the standard C compiler to produce a shared library from the client library source, and include this library in the dependency list for the instrumented binary.
Q6. What is the common reason why the API is not enabled on instrumentation platforms?
Memory isolation incurs significant additional costs, and hence is typically not enabled on most instrumentation platforms, including most DBI platforms.
Q7. What is the role of program instrumentation in the security policy enforcement?
Program instrumentation has played a central role in exploit detection/prevention, security policy enforcement, application monitoring and debugging.
Q8. What is the drawback of a purely static instrumentation approach?
One of the drawbacks of a purely static instrumentation approach is that the user has to compute the list of all shared libraries that may be used when an instrumented program is run, and create instrumented versions of these libraries.
Q9. What are the main advances in static disassembly?
Specific advances made in these works were: (a) expanding the coverage of recursive disassembly using static analysis techniques for code pointer discovery, and (b) the development of instrumentation techniques that tolerate disassembly of data.